Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
09-23-2021 08:07 AM
Hi
We have a non persistent VDI environment. We installed the Cortex Agent (7.4.2.35695) on the Golden Image according to the guide: https://docs.paloaltonetworks.com/cortex/cortex-xdr/7-2/cortex-xdr-agent-admin/cortex-xdr-agent-for-...
If we then create new VDIs based on this image with the Citrix Provisioning Services they all show up as INSTALLATION TYPE: Golden Image in the console instead of VDI. They have also all the same EndpointID so they override each other in the Console. Hence we see only one at a time. Does anyone has any experience with this kind of setting.
Regards Chris
09-27-2021 04:54 AM
Hi Chris,
what I can think firstly is to double check that you have run the following command paying utmost attention to the last part of it when you enable the VDI.
msiexec /i c:\install\cortexxdr.msi /l*v C:\temp\cortexxdrinstall.log /qn VDI_ENABLED=1
Could you please confirm that VDI_ENABLED=1
If the former was done correctly, please perform the following in a couple of VDIs and check that the ID and the VDI name are different. This should make the difference between two different instances of the same VDI golden image
cytool vdi update
I've seen also that you have Citrix. If positive, please also make sure that you have read and completed the following steps:
Configure Agent Compatibility for Citrix App Layering
Due to a Citrix App Layering limitation, you must install the Cortex XDR agent only on the OS layer according to this workflow. This enables the Cortex XDR agent to provide full protection of your endpoints:
Install the Cortex XDR agent on OS layer during the preparation process of the App Layering image.
Cortex XDR agent installations on the Application layer or User layer are not supported.
Stop the Cortex XDR agent.
Before you finalize the OS layer, you must make changes in the Cortex XDR agent settings. To make these changes, you must first stop the agent by running the Cytool runtime stop command.
Delete two Cyvera folders.
Delete the following folders to allow them to be recreated later on:
c:\ProgramData\Cyvera\LocalSystem\Download\content
c:\ProgramData\Cyvera\LocalSystem\Persistence\cloud_frontend_db
Add the Cortex XDR agent to the Citrix App Layering exclusion list.
Add the following entry to the Windows Registry: HKLM\SYSTEM\CurrentControlSet\Services\Unirsd\ExcludeKey [REG_SZ] = "\Registry\Machine\System\Cyvera"
Shut down the OS layer and finalize the layer.
Please come back with feedback and dont forget to thumbs up if this answer was helpful.
KR and have a good VDI - Cortex XDR game time,
Luis
09-27-2021 04:54 AM
Hi Chris,
what I can think firstly is to double check that you have run the following command paying utmost attention to the last part of it when you enable the VDI.
msiexec /i c:\install\cortexxdr.msi /l*v C:\temp\cortexxdrinstall.log /qn VDI_ENABLED=1
Could you please confirm that VDI_ENABLED=1
If the former was done correctly, please perform the following in a couple of VDIs and check that the ID and the VDI name are different. This should make the difference between two different instances of the same VDI golden image
cytool vdi update
I've seen also that you have Citrix. If positive, please also make sure that you have read and completed the following steps:
Configure Agent Compatibility for Citrix App Layering
Due to a Citrix App Layering limitation, you must install the Cortex XDR agent only on the OS layer according to this workflow. This enables the Cortex XDR agent to provide full protection of your endpoints:
Install the Cortex XDR agent on OS layer during the preparation process of the App Layering image.
Cortex XDR agent installations on the Application layer or User layer are not supported.
Stop the Cortex XDR agent.
Before you finalize the OS layer, you must make changes in the Cortex XDR agent settings. To make these changes, you must first stop the agent by running the Cytool runtime stop command.
Delete two Cyvera folders.
Delete the following folders to allow them to be recreated later on:
c:\ProgramData\Cyvera\LocalSystem\Download\content
c:\ProgramData\Cyvera\LocalSystem\Persistence\cloud_frontend_db
Add the Cortex XDR agent to the Citrix App Layering exclusion list.
Add the following entry to the Windows Registry: HKLM\SYSTEM\CurrentControlSet\Services\Unirsd\ExcludeKey [REG_SZ] = "\Registry\Machine\System\Cyvera"
Shut down the OS layer and finalize the layer.
Please come back with feedback and dont forget to thumbs up if this answer was helpful.
KR and have a good VDI - Cortex XDR game time,
Luis
11-24-2021 01:52 AM
Hi Eluis
Sorry for the late answer. The following steps before finishing the Golden Image solved the issue:
"%ProgramFiles%\Palo Alto Networks\Traps\cytool.exe" protect disable
"%ProgramFiles%\Palo Alto Networks\Traps\cytool.exe" runtime stop
del /f /q "%ProgramData%\Cyvera\LocalSystem\OsPersistence\agent.id"
del /f /q "%ProgramData%\Cyvera\LocalSystem\OsPersistence\hardware.id"
del /f /q /s "%ProgramData%\Cyvera\LocalSystem\Persistence\cloud_frontend.db"
Regards Chris
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
